Posts [ 2 ]

Topic: Apache 2+Passenger users and security

I need to create some Virtual Hosts and reload Apache 2 conf. from within a Rails 2.3.8 app. According to Passenger official doc :

A Rails application is started as the owner of the file config/environment.rb

Cool ! I just have to chown environment.rb as root, then I can do whatever I want with apache and conf. files, BUT... is it a really good idea to run a Rails app as Root ?! How high and critical are the risks ?